RE: Exchange Server and External Access

["Hay, Duane" <Duane.Hay () allstream com>]

Instead of a conventional VPN, why not go with an SSL VPN?  

There are a number of companies that provide these solutions.  Some are
even capable of tunneling Outlook client requests through HTTPS, so your
users can use their standard Outlook software to connect directly to the
corporate Exchange Server.

There is no client software to install, you can integrate Strong
Authentication, even limit the resources available through the VPN based
on the user login.

Hope this helps....


 
 
=======================================
Duane Hay
Senior Security Consultant
Advanced Information Security Solutions
Allstream www.allstream.com


-----Original Message-----
From: Nick Duda [mailto:nduda () VistaPrint com] 
Sent: Monday, August 25, 2003 12:23 PM
To: jsansi () ritzfoodservice com; Cherian M. Palayoor;
security-basics () securityfocus com
Subject: RE: Exchange Server and External Access


The reason why we didn't do that in my location was ease of
connectivity. Principals and executives like to just pop open a browser
and get email. Adding them to the corporate vpn would require vpn
software installs..etc. Not to mention all the different hotels during
traveling tend to block a lot of vpn traffic.

- Nick

-----Original Message-----
From: Jimmy Sansi [mailto:jsansi () ritzfoodservice com]
Sent: Friday, August 22, 2003 5:09 PM
To: 'Cherian M. Palayoor'; security-basics () securityfocus com
Subject: RE: Exchange Server and External Access



Why not configure a VPN into the network. Easier then setting up another
server in the DMZ, plus users can have access to other network resources
as well.

-Jimmy

-----Original Message-----
From: Cherian M. Palayoor [mailto:cpalayoor () cwalkergroup com]
Sent: Friday, August 22, 2003 12:11 PM
To: security-basics () securityfocus com
Subject: Exchange Server and External Access


Hi,

We presently use the Std edition of Exchange 2000 as a mail server for
our internal users, behind the Firewall.

However we would like to grant mailbox access to external users outside
the Firewall.

What would be the most secure and efficient method of accomplishing
this. 

One stream of thought that I have been entertaining is having a separate
Exchange/Mail  Server on the DMZ.

Now this solution would result in having to maintain 2 separate
mailboxes for internal and external users. This creates problems for
users who would access their emails from both inside and outside the
office.

How can I workaround this problem.

Thanks in advance for any suggestions.

Regards

CP


 Scanned by Webshield E250



------------------------------------------------------------------------
---
------------------------------------------------------------------------
----



------------------------------------------------------------------------
---
Attend Black Hat Briefings & Training Federal, September 29-30
(Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event
in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------